show tcp syn packets on all network interfaces

tcpdump -i any -n 'tcp[13] == 2'

0
By: wincus
2010-01-21 14:18:16
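What `tcp[13] == 2` does and does not match, as an added example that is not part of the original post: byte 13 of the TCP header is the flags byte and 2 is the SYN bit, so the exact comparison skips SYNs that also carry ECN bits, while a masked test on SYN and ACK keeps them. The function names and the sample flag bytes are constructed for illustration.

```shell
#!/bin/sh
# TCP header byte 13 (flags), least significant bit first:
# FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10 URG=0x20 ECE=0x40 CWR=0x80

# Decode a flags byte into a comma-separated list of flag names.
flag_names() {
    byte=$(( $1 )); out=""; bit=1
    for name in FIN SYN RST PSH ACK URG ECE CWR; do
        if [ $(( byte & bit )) -ne 0 ]; then out="${out:+$out,}$name"; fi
        bit=$(( bit * 2 ))
    done
    echo "${out:-none}"
}

# Same test as the filter 'tcp[13] == 2': SYN set and every other flag clear.
matches_exact() { [ $(( $1 )) -eq 2 ]; }

# Same test as 'tcp[13] & 0x12 == 2': SYN set, ACK clear, other bits ignored.
matches_masked() { [ $(( $1 & 0x12 )) -eq 2 ]; }

# One summary line per flags byte.
verdict() {
    e=no; m=no
    if matches_exact "$1"; then e=yes; fi
    if matches_masked "$1"; then m=yes; fi
    echo "$(flag_names "$1") exact=$e masked=$m"
}

# Constructed sample flag bytes: plain SYN, SYN with ECN setup bits,
# SYN-ACK, bare ACK, RST.
report() {
    for b in 0x02 0xc2 0x12 0x10 0x04; do
        printf '%-5s %s\n' "$b" "$(verdict "$b")"
    done
}
report

# The masked test as a capture filter, using the named offsets from the
# pcap filter syntax (quoted so the shell leaves the brackets alone):
#   tcpdump -i any -n 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
```
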

These Might Interest You

  • ethstatus, part of the ethstatus package, is a console-based monitor for network interfaces. It nicely displays on screen a real-time summary of bandwidth, speed and packets.


    6
    ethstatus -i eth0
    servermanaged · 2009-05-09 19:33:39 0
  • At some point you want to know what packets are flowing on your network. Use tcpdump for this. The man page is obtuse, to say the least, so here are some simple commands to get you started. -n means show IP numbers and don't try to translate them to names. -l means write a line as soon as it is ready. -i eth0 means trace the packets flowing through the first ethernet interface. src or dst w.x.y.z traces only packets going to or from IP address w.x.y.z. port 80 traces only packets for HTTP. proto udp traces only packets for UDP protocol. Once you are happy with each option combine them with 'and' 'or' 'not' to get the effects you want.


    2
    tcpdump -nli eth0; tcpdump -nli eth0 src or dst w.x.y.z; tcpdump -nli eth0 port 80; tcpdump -nli eth0 proto udp
    jonty · 2009-02-05 17:41:55 0
  • From 'man netstat' "netstat -i | -I interface [-abdnt] [-f address_family] [-M core] [-N system] Show the state of all network interfaces or a single interface which have been auto-configured (interfaces statically configured into a system, but not located at boot time are not shown). An asterisk (``*'') after an interface name indicates that the interface is ``down''. If -a is also present, multicast addresses currently in use are shown for each Ethernet interface and for each IP interface address. Multicast addresses are shown on separate lines following the interface address with which they are associated. If -b is also present, show the number of bytes in and out. If -d is also present, show the number of dropped packets. If -t is also present, show the contents of watchdog timers."


    -2
    netstat -an | grep -i listen
    scubacuda · 2009-02-19 19:27:49 3
  • On Windows 2000 or newer, you can use the command line to save the current network interface info. You can then edit the text file and re-apply it using the netsh -f command (or netsh exec). Keep a bunch of text files around to quickly switch connection info without using extra software. http://en.wikipedia.org/wiki/Netsh http://support.microsoft.com/kb/242468 http://thelazyadmin.com/blogs/thelazyadmin/archive/2005/04/04/Using-Netsh-to-Manage-Network-Interfaces-Part-2.aspx


    -2
    netsh interface ip dump > current-interfaces.txt
    piyo · 2009-02-13 15:13:05 0
